- Description
- In SAP Business Objects Business Intelligence Platform, before versions 4.1, 4.2 and 4.3, some dynamic pages (like jsp) are cached, which leads to an attacker can see the sensitive information via cache and can open the dynamic pages even after logout.
- Source
- cna@sap.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- nvd@nist.gov
- CWE-200
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3B376347-8275-422E-85EB-FFF06DD4B163"
},
{
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "94D99965-4042-45FB-9DD1-E2179BC2CB04"
},
{
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:4.30:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8736E5E3-BF1A-4E3C-92B9-E81C4F7B4877"
}
],
"operator": "OR"
}
]
}
]